2011-04-06 Vitaly Repeshko <vitalyr@chromium.org>
author    vitalyr@chromium.org <vitalyr@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Thu, 7 Apr 2011 21:51:23 +0000 (21:51 +0000)
committer vitalyr@chromium.org <vitalyr@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Thu, 7 Apr 2011 21:51:23 +0000 (21:51 +0000)
        Reviewed by Nate Chapin.

        [V8] Remove custom DOMImplementation getter on Document.
        https://bugs.webkit.org/show_bug.cgi?id=57991

        The custom getter is no longer required because DOMImplementation
        objects are now created per document.

        Test: fast/dom/DOMImplementation/implementation-identity.html

        * bindings/scripts/CodeGeneratorV8.pm:
        * bindings/v8/custom/V8DocumentCustom.cpp:
        * dom/Document.idl:

2011-04-06  Vitaly Repeshko  <vitalyr@chromium.org>

        Reviewed by Nate Chapin.

        [V8] Remove custom DOMImplementation getter on Document.
        https://bugs.webkit.org/show_bug.cgi?id=57991

        * fast/dom/DOMImplementation/implementation-identity-expected.txt: Added.
        * fast/dom/DOMImplementation/implementation-identity.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@83213 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/dom/DOMImplementation/implementation-identity-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/DOMImplementation/implementation-identity.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/bindings/scripts/CodeGeneratorV8.pm
Source/WebCore/bindings/v8/custom/V8DocumentCustom.cpp
Source/WebCore/dom/Document.idl

index 0ff2e47..4a3fadb 100644 (file)
@@ -1,3 +1,13 @@
+2011-04-06  Vitaly Repeshko  <vitalyr@chromium.org>
+
+        Reviewed by Nate Chapin.
+
+        [V8] Remove custom DOMImplementation getter on Document.
+        https://bugs.webkit.org/show_bug.cgi?id=57991
+
+        * fast/dom/DOMImplementation/implementation-identity-expected.txt: Added.
+        * fast/dom/DOMImplementation/implementation-identity.html: Added.
+
 2011-04-07  Steve Lacey  <sjl@chromium.org>
 
         Reviewed by Eric Carlson.
diff --git a/LayoutTests/fast/dom/DOMImplementation/implementation-identity-expected.txt b/LayoutTests/fast/dom/DOMImplementation/implementation-identity-expected.txt
new file mode 100644 (file)
index 0000000..42bdffd
--- /dev/null
@@ -0,0 +1,7 @@
+This test checks that DOMImplementation object is created per document.
+
+If the test passes, you should see a few OK lines below.
+
+OK: Top-level document and iframe document have different DOMImplementation objects
+OK: DOMImplementation object is cached
+
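Review bot: The expected text promises "a few OK lines" but the test below emits exactly two, and "that DOMImplementation object is created" is missing an article; since this file is the golden output, tighten it now rather than after the baseline lands: "This test checks that a DOMImplementation object is created per document." and "If the test passes, you should see two OK lines below." (the same strings must change in the .html).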
diff --git a/LayoutTests/fast/dom/DOMImplementation/implementation-identity.html b/LayoutTests/fast/dom/DOMImplementation/implementation-identity.html
new file mode 100644 (file)
index 0000000..2b3c56c
--- /dev/null
@@ -0,0 +1,30 @@
+<body>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+function print(message)
+{
+    var paragraph = document.createElement("li");
+    paragraph.appendChild(document.createTextNode(message));
+    document.getElementById("console").appendChild(paragraph);
+}
+
+function test()
+{
+    if (document.implementation != frames[0].document.implementation)
+        print("OK: Top-level document and iframe document have different DOMImplementation objects");
+    else
+        print("BUG: Top-level document and iframe document share a DOMImplementation object");
+
+    if (document.implementation === document.implementation)
+        print("OK: DOMImplementation object is cached");
+    else
+        print("BUG: DOMImplementation object is not cached");
+}
+</script>
+<p>This test checks that DOMImplementation object is created per document.</p>
+<p>If the test passes, you should see a few OK lines below.</p>
+<p><ol id=console></ol></p>
+<iframe src="about:blank" onload="test()"></iframe>
+</body>
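Review bot: The two checks use different comparison operators; `document.implementation != frames[0].document.implementation` should be `!==` to match the `===` used on the caching check (for object identity the result is the same, but a mixed style invites someone to "fix" one of them later). The caching check only exercises the top-level document; add the symmetric check `frames[0].document.implementation === frames[0].document.implementation` so the generated getter is shown to cache for a non-main document too, which is the case the removed custom getter was written for. Also `<p><ol id=console></ol></p>` is invalid markup (the parser closes the `<p>` before the `<ol>`); drop the wrapping `<p>`.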
index e3ebe85..dca05b8 100644 (file)
@@ -1,3 +1,19 @@
+2011-04-06  Vitaly Repeshko  <vitalyr@chromium.org>
+
+        Reviewed by Nate Chapin.
+
+        [V8] Remove custom DOMImplementation getter on Document.
+        https://bugs.webkit.org/show_bug.cgi?id=57991
+
+        The custom getter is no longer required because DOMImplementation
+        objects are now created per document.
+
+        Test: fast/dom/DOMImplementation/implementation-identity.html
+
+        * bindings/scripts/CodeGeneratorV8.pm:
+        * bindings/v8/custom/V8DocumentCustom.cpp:
+        * dom/Document.idl:
+
 2011-04-07  Sergey Glazunov  <serg.glazunov@gmail.com>
 
         Reviewed by Dimitri Glazkov.
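Review bot: The justification "DOMImplementation objects are now created per document" is the entire safety argument for deleting the custom getter, yet the change that made that true is not in this patch; cite the revision or bug that moved DOMImplementation from a process-wide singleton to a per-document object so a reader of this entry can verify the claim without spelunking. It is also worth stating that the generated getter now relies on the ordinary DOM-object-to-wrapper map plus the document owning its DOMImplementation, since the removed code carried a comment explaining why that path was previously unsafe.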
index a21bc3e..7412188 100644 (file)
@@ -448,9 +448,7 @@ sub GetInternalFields
         push(@customInternalFields, "eventListenerCacheIndex");
     }
 
-    if (IsSubType($dataNode, "Document")) {
-        push(@customInternalFields, "implementationIndex");
-    } elsif ($name eq "DOMWindow") {
+    if ($name eq "DOMWindow") {
         push(@customInternalFields, "enteredIsolatedWorldIndex");
     }
     return @customInternalFields;
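Review bot: Dropping `implementationIndex` from the Document internal fields shifts `V8Document::internalFieldCount`, so every place that indexes Document wrappers by hand must be regenerated or checked; please confirm a grep for `implementationIndex` turns up nothing outside the getter removed in V8DocumentCustom.cpp, and that no custom code hard-codes the old field layout for Document subtypes (the `IsSubType($dataNode, "Document")` branch covered HTMLDocument and friends, not just Document).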
index c435863..7cad58e 100644 (file)
@@ -118,34 +118,6 @@ v8::Handle<v8::Value> V8Document::getCSSCanvasContextCallback(const v8::Argument
     return v8::Undefined();
 }
 
-
-// DOMImplementation is a singleton in WebCore. If we use our normal
-// mapping from DOM objects to V8 wrappers, the same wrapper will be
-// shared for all frames in the same process. This is a major
-// security problem. Therefore, we generate a DOMImplementation
-// wrapper per document and store it in an internal field of the
-// document. Since the DOMImplementation object is a singleton, we do
-// not have to do anything to keep the DOMImplementation object alive
-// for the lifetime of the wrapper.
-v8::Handle<v8::Value> V8Document::implementationAccessorGetter(v8::Local<v8::String> name, const v8::AccessorInfo& info)
-{
-    ASSERT(info.Holder()->InternalFieldCount() >= internalFieldCount);
-
-    // Check if the internal field already contains a wrapper.
-    v8::Local<v8::Value> implementation = info.Holder()->GetInternalField(V8Document::implementationIndex);
-    if (!implementation->IsUndefined())
-        return implementation;
-
-    // Generate a wrapper.
-    Document* document = V8Document::toNative(info.Holder());
-    v8::Handle<v8::Value> wrapper = toV8(document->implementation());
-
-    // Store the wrapper in the internal field.
-    info.Holder()->SetInternalField(implementationIndex, wrapper);
-
-    return wrapper;
-}
-
 v8::Handle<v8::Value> toV8(Document* impl, bool forceNewObject)
 {
     if (!impl)
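Review bot: The removed comment relied on DOMImplementation being a singleton to avoid any keep-alive logic ("we do not have to do anything to keep the DOMImplementation object alive for the lifetime of the wrapper"); with a per-document object that argument disappears, so the generated getter must now hold a strong reference to the DOMImplementation for as long as the JS wrapper exists. Please confirm DOMImplementation is ref-counted and that the generic `toV8` path refs it, otherwise a wrapper retained by script after its document is torn down dangles. Consider leaving a one-line comment here pointing at bug 57991: the old comment was the only written record that sharing this wrapper across frames was a security problem, and deleting it silently makes a future "make DOMImplementation a singleton again" change look harmless.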
index 7329d7b..cf820ba 100644 (file)
@@ -29,7 +29,7 @@ module core {
 
         // DOM Level 1 Core
         readonly attribute DocumentType doctype;
-        readonly attribute [V8Custom] DOMImplementation implementation;
+        readonly attribute DOMImplementation implementation;
         readonly attribute Element documentElement;
 
         [ReturnsNew] Element createElement(in [ConvertNullToNullString] DOMString tagName)
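Review bot: With `[V8Custom]` gone, nothing in the IDL marks `implementation` as an attribute whose wrapper identity is security-sensitive; a later WebCore change that reintroduces a shared DOMImplementation would compile cleanly and only the new implementation-identity.html test would catch it. Add an IDL comment referencing bug 57991 next to the attribute, and make sure the layout test is not skipped or marked flaky on any port, since it is now the sole guard for the cross-frame sharing the deleted getter prevented.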